<?php
namespace app\common\service;


class NetfilterSafeRule extends Base 

{
    /**
     * @name: 列表
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-20 16:21:58
     */
    function list ($host_id, $limit)
    {
        $return = db('NetfilterSafeRule')->where('host_id', $host_id)->paginate($limit)->toArray();

        return $return;
    }

    /**
     * @name: 删除
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-20 16:26:03
     */
    function init ($host_id)
    {
        db('NetfilterSafeRule')->whereIn('host_id', $host_id)->update(['status' => 1]);
    }

    /**
     * @name: 删除
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-20 16:26:03
     */
    function trunOnOff ($host_id, $rule_id, $status)
    {
        db('NetfilterSafeRule')->whereIn('host_id', $host_id)->whereIn('id', $rule_id)->update(['status' => $status]);
    }

    /**
     * @name: 通过id查询
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-20 16:32:23
     */
    function selectById ($host_id, $rule_id, $status = 1)
    {
        $return = db('NetfilterSafeRule')->field('content,status')->whereIn('host_id', $host_id)->whereIn('id', $rule_id)->where('status', $status)->select();
        if(empty($return))
        {
            $this->setError($this->CODE_FAIL, '未找到默认规则');
            return [];
        }
        return $return;
    }

    /**
     * @name: 通过id查询
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-20 16:32:23
     */
    function selectByHostId ($host_id)
    {
        $return = db('NetfilterSafeRule')->field('content,status')->whereIn('host_id', $host_id)->select();
        if(empty($return))
        {
            $this->setError($this->CODE_FAIL, '未找到默认规则');
            return [];
        }
        return $return;
    }

    /**
     * @name: 
     * @Param: 
     * @Description: 添加
     * @Author: foo
     * @Date: 2019-12-20 17:37:05
     */
    function add ($host_id, $proxyData, $useRule)
    {
        if(db('NetfilterSafeRule')->where('host_id', $host_id)->count() > 0)
        {
            return [];
        }
        switch ($useRule)
        {
            case 3 :
                $rules = $this->windows2008();
                break;
            case 4 :
                $rules = $this->windows2012();
                break;
            default :
                $rules = $this->linux($proxyData);
        }
        

        $insertData = array_map(function($v) use ($host_id){
            return [
                'host_id' => $host_id,
                'content' => $v,
                'status' => 0,
            ];
        }, $rules);

        db('NetfilterSafeRule')->insertAll($insertData);
    }

    /**
     * @name: linux 安全规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-01-03 16:50:13
     */
    function linux ($proxyData)
    {
        $return = [
            'iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ',
            'iptables -A INPUT -p icmp -j ACCEPT ',
            'iptables -A INPUT -i lo -j ACCEPT ',
            'iptables -A OUTPUT -j ACCEPT',
        ];

        foreach ($proxyData as $proxy)
        {
            $return[$proxy['ip'].':'.$proxy['port']] = 'iptables -A INPUT -s  ' . $proxy['ip'] . '  -p tcp -m state --state NEW -m tcp --sport '. $proxy['port'] . ' -j ACCEPT ';
        }

        return $return;
    }

    /**
     * @name: windows2008 安全规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-01-03 16:53:24
     */
    function windows2008 ()
    {
        $return = [
            'netsh advfirewall firewall add rule name="icmpv6in"  dir=in action=allow  protocol=icmpv6',
            'netsh advfirewall firewall add rule name="icmpv6out"  dir=out action=allow  protocol=icmpv6',
            'netsh advfirewall firewall add rule name="icmpv4in"  dir=in action=allow  protocol=icmpv4',
            'netsh advfirewall firewall add rule name="icmpv4out"  dir=out action=allow  protocol=icmpv4',
        ];
        
        return $return;
    }

    /**
     * @name: windows2012 安全规则
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2020-01-03 16:53:38
     */
    function windows2012 ()
    {
        $return = [
            'New-NetFirewallRule -DisplayName "icmpv6in" -Direction Inbound -Action Allow -protocol icmpv6',
            'New-NetFirewallRule -DisplayName "icmpv6out" -Direction Outbound -Action Allow -protocol icmpv6',
            'New-NetFirewallRule -DisplayName "icmpv4in" -Direction Inbound -Action Allow -protocol icmpv4',
            'New-NetFirewallRule -DisplayName "icmpv4out" -Direction Outbound -Action Allow -protocol icmpv4',
        ];

        return $return;
    }
    /**
     * @name: 删除
     * @Param: 
     * @Description: 
     * @Author: foo
     * @Date: 2019-12-24 11:29:01
     */
    function del ($host_id_a)
    {
        db('NetfilterSafeRule')->whereIn('host_id', $host_id_a)->delete();
    }
}